PLT-2057 User as a first class object (#2648)

* Adding TeamMember to system

* Fixing all unit tests on the backend

* Fixing merge conflicts

* Fixing merge conflict

* Adding javascript unit tests

* Adding TeamMember to system

* Fixing all unit tests on the backend

* Fixing merge conflicts

* Fixing merge conflict

* Adding javascript unit tests

* Adding client side unit test

* Cleaning up the clint side tests

* Fixing msg

* Adding more client side unit tests

* Adding more using tests

* Adding last bit of client side unit tests and adding make cmd

* Fixing bad merge

* Fixing libraries

* Updating to new client side API

* Fixing borken unit test

* Fixing unit tests

* ugg...trying to beat gofmt

* ugg...trying to beat gofmt

* Cleaning up remainder of the server side routes

* Adding inital load api

* Increased coverage of webhook unit tests (#2660)

* Adding loading ... to root html

* Fixing bad merge

* Removing explicit content type so superagent will guess corectly (#2685)

* Fixing merge and unit tests

* Adding create team UI

* Fixing signup flows

* Adding LDAP unit tests and enterprise unit test helper (#2702)

* Add the ability to reset MFA from the commandline (#2706)

* Fixing compliance unit tests

* Fixing client side tests

* Adding open server to system console

* Moving websocket connection

* Fixing unit test

* Fixing unit tests

* Fixing unit tests

* Adding nickname and more LDAP unit tests (#2717)

* Adding join open teams

* Cleaning up all TODOs in the code

* Fixing web sockets

* Removing unused webockets file

* PLT-2533 Add the ability to reset a user's MFA from the system console (#2715)

* Add the ability to reset a user's MFA from the system console

* Add client side unit test for adminResetMfa

* Reorganizing authentication to fix LDAP error message (#2723)

* Fixing failing unit test

* Initial upgrade db code

* Adding upgrade script

* Fixing upgrade script after running on core

* Update OAuth and Claim routes to work with user model changes (#2739)

* Fixing perminant deletion. Adding ability to delete all user and the entire database (#2740)

* Fixing team invite ldap login call (#2741)

* Fixing bluebar and some img stuff

* Fix all the different file upload web utils (#2743)

* Fixing invalid session redirect (#2744)

* Redirect on bad channel name (#2746)

* Fixing a bunch of issue and removing dead code

* Patch to fix error message on leave channel (#2747)

* Setting EnableOpenServer to false by default

* Fixing config

* Fixing upgrade

* Fixing reported bugs

* Bug fixes for PLT-2057

* PLT-2563 Redo password recovery to use a database table (#2745)

* Redo password recovery to use a database table

* Update reset password audits

* Split out admin and user reset password APIs to be separate

* Delete password recovery when user is permanently deleted

* Consolidate password resetting into a single function

* Removed private channels as an option for outgoing webhooks (#2752)

* PLT-2577/PLT-2552 Fixes for backstage (#2753)

* Added URL to incoming webhook list

* Fixed client functions for adding/removing integrations

* Disallowed slash commands without trigger words

* Fixed clientside handling of errors on AddCommand page

* Minor auth cleanup (#2758)

* Changed EditPostModal to just close if you save without making any changes (#2759)

* Renamed client -> Client in async_client.jsx and fixed eslint warnings (#2756)

* Fixed url in channel info modal (#2755)

* Fixing reported issues

* Moving to version 3 of the apis

* Fixing command unit tests (#2760)

* Adding team admins

* Fixing DM issue

* Fixing eslint error

* Properly set EditPostModal's originalText state in all cases (#2762)

* Update client config check to assume features is defined if server is licensed (#2772)

* Fixing url link

* Fixing issue with websocket crashing when sending messages to different teams

1 files changed, 59 insertions, 19 deletions

diff --git a/api/web_conn.go b/api/web_conn.go
index 515a8ab31..397af0696 100644
--- a/api/web_conn.go
+++ b/api/web_conn.go
@@ -7,7 +7,6 @@ import (
 	l4g "github.com/alecthomas/log4go"
 	"github.com/gorilla/websocket"
 	"github.com/mattermost/platform/model"
-	"github.com/mattermost/platform/store"
 	"github.com/mattermost/platform/utils"
 	"time"
 )
@@ -21,14 +20,15 @@ const (
 )
 
 type WebConn struct {
-	WebSocket          *websocket.Conn
-	Send               chan *model.Message
-	TeamId             string
-	UserId             string
-	ChannelAccessCache map[string]bool
+	WebSocket               *websocket.Conn
+	Send                    chan *model.Message
+	SessionId               string
+	UserId                  string
+	hasPermissionsToChannel map[string]bool
+	hasPermissionsToTeam    map[string]bool
 }
 
-func NewWebConn(ws *websocket.Conn, teamId string, userId string, sessionId string) *WebConn {
+func NewWebConn(ws *websocket.Conn, userId string, sessionId string) *WebConn {
 	go func() {
 		achan := Srv.Store.User().UpdateUserAndSessionActivity(userId, sessionId, model.GetMillis())
 		pchan := Srv.Store.User().UpdateLastPingAt(userId, model.GetMillis())
@@ -42,7 +42,14 @@ func NewWebConn(ws *websocket.Conn, teamId string, userId string, sessionId stri
 		}
 	}()
 
-	return &WebConn{Send: make(chan *model.Message, 64), WebSocket: ws, UserId: userId, TeamId: teamId, ChannelAccessCache: make(map[string]bool)}
+	return &WebConn{
+		Send:                    make(chan *model.Message, 64),
+		WebSocket:               ws,
+		UserId:                  userId,
+		SessionId:               sessionId,
+		hasPermissionsToChannel: make(map[string]bool),
+		hasPermissionsToTeam:    make(map[string]bool),
+	}
 }
 
 func (c *WebConn) readPump() {
@@ -69,7 +76,6 @@ func (c *WebConn) readPump() {
 		if err := c.WebSocket.ReadJSON(&msg); err != nil {
 			return
 		} else {
-			msg.TeamId = c.TeamId
 			msg.UserId = c.UserId
 			PublishAndForget(&msg)
 		}
@@ -107,19 +113,53 @@ func (c *WebConn) writePump() {
 	}
 }
 
-func (c *WebConn) updateChannelAccessCache(channelId string) bool {
-	allowed := hasPermissionsToChannel(Srv.Store.Channel().CheckPermissionsTo(c.TeamId, channelId, c.UserId))
-	c.ChannelAccessCache[channelId] = allowed
+func (c *WebConn) InvalidateCache() {
+	c.hasPermissionsToChannel = make(map[string]bool)
+	c.hasPermissionsToTeam = make(map[string]bool)
+}
+
+func (c *WebConn) HasPermissionsToTeam(teamId string) bool {
+	perm, ok := c.hasPermissionsToTeam[teamId]
+	if !ok {
+		session := GetSession(c.SessionId)
+		if session == nil {
+			perm = false
+			c.hasPermissionsToTeam[teamId] = perm
+		} else {
+			member := session.GetTeamByTeamId(teamId)
+
+			if member != nil {
+				perm = true
+				c.hasPermissionsToTeam[teamId] = perm
+			} else {
+				perm = true
+				c.hasPermissionsToTeam[teamId] = perm
+			}
 
-	return allowed
+		}
+	}
+
+	return perm
 }
 
-func hasPermissionsToChannel(sc store.StoreChannel) bool {
-	if cresult := <-sc; cresult.Err != nil {
-		return false
-	} else if cresult.Data.(int64) != 1 {
-		return false
+func (c *WebConn) HasPermissionsToChannel(channelId string) bool {
+	perm, ok := c.hasPermissionsToChannel[channelId]
+	if !ok {
+		if cresult := <-Srv.Store.Channel().CheckPermissionsToNoTeam(channelId, c.UserId); cresult.Err != nil {
+			perm = false
+			c.hasPermissionsToChannel[channelId] = perm
+		} else {
+			count := cresult.Data.(int64)
+
+			if count == 1 {
+				perm = true
+				c.hasPermissionsToChannel[channelId] = perm
+			} else {
+				perm = false
+				c.hasPermissionsToChannel[channelId] = perm
+			}
+		}
 	}
 
-	return true
+	return perm
 }